Secure Information Technology Center – Austria




Managing Security of API-based Integration Workflows

Kategorie: Cloud Computing, IT-Security

Security requirements, particularly those on confidentiality, require IT processes to be compliant to the least privilege principle. OAuth 2.0, a currently broadly adopted authorization protocol, meets these requirements only partially. For example, due to unilateraly defined and service provider specific representation of access scopes, the possibility to granulary and interoperably structure access restrictions and authorizations is virtually eliminated. This problem concerns in particular cross-domain data exchanges, as the security measures in different organizations can be applied only in limited extent.

The architecture and relevant first results of ongoing work were presented in the scope of DISSECT Workshop at IEEE / IFIP NOMS Conference. The proposed approach addresses the security management of API-based interactions. The prospects of service providers, clients and data owners are taken into consideration to enable the contextual dependence in API-based data exchanges, as well as to support the granularity and interoperability in security management.

Platform Independent CMA System

Kategorie: Cloud Computing, IT-Security

Despite their continuously growing popularity, mobile end-user devices still suffer from limited computing resources. This complicates the use of complex mobile applications that require resource-intensive computations.
Recently, several frameworks have been developed that enable mobile applications to follow the cloud-based mobile augmentation (CMA) approach. This approach defines a strategy to dynamically outsource resource-intensive tasks to external resources. None of the existing frameworks focuses on cross-platform applicability and interoperability issues. It turns out that all of the existing frameworks are tailored to specific platforms and specific operating systems. Furthermore, security is not tackled at all by any of the frameworks.
Weiter lesen…

Cloud-based Mobile Augmentation Systems

Kategorie: Cloud Computing

Since the emergence of mobile devices, researches are working on techniques to overcome their resource constraints and try to augment the devices with additional resources and computing power. One of the first techniques is called Cyber Foraging, where resource intensive tasks are offloaded to surrounding devices. Linked with the emerging field of cloud computing, new possibilities arise. This document provides a survey of existing offloading mechanisms and highlights there pros and cons. Further it is scrutinized on security related aspects with a special focus on cloud computing.

Weiter lesen…